APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
2014-12-11T00:00:00
ID SECURITYVULNS:DOC:31492 Type securityvulns Reporter Securityvulns Modified 2014-12-11T00:00:00
Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and
addresses the following:
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1748 : Jordan Milne
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-4452
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
{"id": "SECURITYVULNS:DOC:31492", "bulletinFamily": "software", "title": "APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\nAPPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 \r\n\r\nSafari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and\r\naddresses the following:\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Style sheets are loaded cross-origin which may allow for\r\ndata exfiltration\r\nDescription: An SVG loaded in an img element could load a CSS file\r\ncross-origin. This issue was addressed through enhanced blocking of\r\nexternal CSS references in SVGs.\r\nCVE-ID\r\nCVE-2014-4465 : Rennie deGraaf of iSEC Partners\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Visiting a website that frames malicious content may lead to\r\nUI spoofing\r\nDescription: A UI spoofing issue existed in the handling of\r\nscrollbar boundaries. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1748 : Jordan Milne\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-4452\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\n\r\n\r\nSafari 8.0.1, Safari 7.1.1, and Safari 6.2.1 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - https://gpgtools.org\r\n\r\niQIcBAEBCgAGBQJUfjjSAAoJEBcWfLTuOo7t1PsP/j0H8iRJiPtYVwRly6mxyDrv\r\n4Ji7sopCSNa96qcqn9jILbFTkthqaXE/vew2UdJgO5CSXqxcF50I9bUkPJyJBq4j\r\nqGEu8a54pMteNSCtox1mwzZu8tcOArc//oQhMPhqSRkEvjVv2bsJdQ9bmc1QqHhP\r\nHkJBN/HO8w5RvZ6o5PiitnOOwVOu2sEX80mI7eYKmRjl7AWMzVE6sER1boL+EyCW\r\n4F5s9610J7KjpWh2QewhhefYPootah9JCKoybTrrba+hBESYtHuRwTTkay7cgMkd\r\nJ+a4xdjngl/ySFqOH7IhnnUD8Cs5UelHk7HlwqoGTxsaRjKnWlZ+1PqtE5buN7v+\r\nSeZeYqeWwSJEeDis55dMIHuKmYl3XsAHU7405A8AW27YLh+ABrnZNctebHub3bJ8\r\nBayfF1h1AHh1UohXnz7u6o9LKavmKzy1VoUiTBKbon+4mBILuj9MlJVXxCIq/8Sl\r\nkmxKlE969d1Ij/6LeNKb/BZ9SYoEOdkgZdqO5BNNtsBgE17xm5yGuJeZyour5hSM\r\n8a9FwRf9QjKD/xodIP0VtB/c53eUe1DRJNgwXkmC4K+7nslBexmzDOxs2bG2LXOU\r\nz0aExXx0goTI5K14PRFE+hLVDOw0jNjp7K2EQAKSK9oKF1sR/tk2nqO/AduSArbe\r\nbftlUMkfPwAuqhtNajQZ\r\n=S2wI\r\n-----END PGP SIGNATURE\u2014\u2014\r\n\r\n", "published": "2014-12-11T00:00:00", "modified": "2014-12-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31492", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-4469", "CVE-2014-4474", "CVE-2014-4475", "CVE-2014-4466", "CVE-2014-4470", "CVE-2014-4452", "CVE-2014-4472", "CVE-2014-4468", "CVE-2014-4473", "CVE-2014-4471", "CVE-2014-4465", "CVE-2014-1748", "CVE-2014-4459"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:56", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "60f0a5596903cfbd3d4df8e48455ea3e"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "134de01ede17e26b05acdfdada6246e6"}, {"key": "href", "hash": "8fd5e59321607cf4142c296a13b1d735"}, {"key": "modified", "hash": "7f532fffda72eb974826ed4a6889f244"}, {"key": "published", "hash": "7f532fffda72eb974826ed4a6889f244"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "9c256f9ef7b13ae000d6065128de1bd9"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d6d1b7adedcdcc02ecf25b5a03cfc9608fe1a40df8cf51e39b2c9a03c23872d2", "viewCount": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-08-31T11:10:56"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14148", "SECURITYVULNS:DOC:31676", "SECURITYVULNS:VULN:14243", "SECURITYVULNS:VULN:14242", "SECURITYVULNS:DOC:31677", "SECURITYVULNS:DOC:32263", "SECURITYVULNS:DOC:31399", "SECURITYVULNS:VULN:14104", "SECURITYVULNS:DOC:31398", "SECURITYVULNS:VULN:14105"]}, {"type": "nessus", "idList": ["MACOSX_SAFARI8_0_2.NASL", "APPLETV_7_0_3.NASL", "ITUNES_12_2_0.NASL", "ITUNES_12_2_0_BANNER.NASL", "FREEBSD_PKG_1091D2D1CB2E11E5B14BBCAEC565249C.NASL", "MACOSX_10_10_1.NASL", "APPLETV_7_0_2.NASL", "OPERA_2200.NASL", "FREEBSD_PKG_64F3872BE05D11E39DD400262D5ED8EE.NASL", "GOOGLE_CHROME_35_0_1916_114.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805305", "OPENVAS:1361412562310806151", "OPENVAS:702939", "OPENVAS:1361412562310804617", "OPENVAS:1361412562310804616", "OPENVAS:1361412562310702939", "OPENVAS:1361412562310804618", "OPENVAS:1361412562310841913", "OPENVAS:1361412562310807742", "OPENVAS:1361412562310842701"]}, {"type": "cve", "idList": ["CVE-2014-4452", "CVE-2014-4466", "CVE-2014-4459", "CVE-2014-4469", "CVE-2014-4468", "CVE-2014-4471", "CVE-2014-4474", "CVE-2014-4472", "CVE-2014-1748", "CVE-2014-4473"]}, {"type": "kaspersky", "idList": ["KLA10620", "KLA10007"]}, {"type": "freebsd", "idList": ["1091D2D1-CB2E-11E5-B14B-BCAEC565249C", "64F3872B-E05D-11E3-9DD4-00262D5ED8EE"]}, {"type": "threatpost", "idList": ["THREATPOST:BE295CCB6FC1FBBC4D99DAD78F09067A"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2939-1:3EA17"]}, {"type": "ubuntu", "idList": ["USN-2298-1", "USN-2937-1"]}, {"type": "gentoo", "idList": ["GLSA-201408-16"]}], "modified": "2018-08-31T11:10:56"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "affectedSoftware": []}
{"nessus": [{"lastseen": "2019-12-13T07:54:36", "bulletinFamily": "scanner", "description": "The version of Apple Safari installed on the remote Mac OS X host is a\nversion prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by\nthe following vulnerabilities in WebKit :\n\n - An SVG loaded in an IMG element could load a CSS file\n cross-origin. This can allow data exfiltration.\n (CVE-2014-4465)\n\n - A UI spoofing flaw exists in the handling of scrollbar\n boundaries. Visiting websites that frame malicious\n content can allow the UI to be spoofed. (CVE-2014-1748)\n\n - Multiple memory corruption issues exist that can lead to\n an unexpected application crash or potential arbitrary\n code execution by means of malicious website content.\n (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466,\n CVE-2014-4468, CVE-2014-4469, CVE-2014-4470,\n CVE-2014-4471, CVE-2014-4472, CVE-2014-4473,\n CVE-2014-4474, CVE-2014-4475)\n\nNote that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the\nsecurity content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more\nrecent updates, however, were released to fix potential issues with\nthe installation of the previous patch release.", "modified": "2019-12-02T00:00:00", "id": "MACOSX_SAFARI8_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/80055", "published": "2014-12-16T00:00:00", "title": "Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80055);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-1748\",\n \"CVE-2014-4465\",\n \"CVE-2014-4466\",\n \"CVE-2014-4468\",\n \"CVE-2014-4469\",\n \"CVE-2014-4470\",\n \"CVE-2014-4471\",\n \"CVE-2014-4472\",\n \"CVE-2014-4473\",\n \"CVE-2014-4474\",\n \"CVE-2014-4475\"\n );\n script_bugtraq_id(\n 71438,\n 71439,\n 71442,\n 71444,\n 71445,\n 71449,\n 71451,\n 71459,\n 71461,\n 71462,\n 71464\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-12-3-1\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X host is a\nversion prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by\nthe following vulnerabilities in WebKit :\n\n - An SVG loaded in an IMG element could load a CSS file\n cross-origin. This can allow data exfiltration.\n (CVE-2014-4465)\n\n - A UI spoofing flaw exists in the handling of scrollbar\n boundaries. Visiting websites that frame malicious\n content can allow the UI to be spoofed. (CVE-2014-1748)\n\n - Multiple memory corruption issues exist that can lead to\n an unexpected application crash or potential arbitrary\n code execution by means of malicious website content.\n (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466,\n CVE-2014-4468, CVE-2014-4469, CVE-2014-4470,\n CVE-2014-4471, CVE-2014-4472, CVE-2014-4473,\n CVE-2014-4474, CVE-2014-4475)\n\nNote that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the\nsecurity content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more\nrecent updates, however, were released to fix potential issues with\nthe installation of the previous patch release.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/en-us/HT1222\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/534148\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/en-us/HT6597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari 6.2.2 / 7.1.2 / 8.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-4466\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.([89]|10)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8 / 10.9 / 10.10\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\n# Even though the fixes that the recent\n# patches replace are no longer availabe,\n# the older versions are checked to avoid\n# FPs in the event that the initial fix\n# is present\nif (\"10.8\" >< os)\n{\n cutoff = \"6.2.1\";\n fixed_version = \"6.2.2\";\n}\nelse if (\"10.9\" >< os)\n{\n cutoff = \"7.1.1\";\n fixed_version = \"7.1.2\";\n}\nelse\n{\n cutoff= \"8.0.1\";\n fixed_version = \"8.0.2\";\n}\n\nif (ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:40:35", "bulletinFamily": "scanner", "description": "According to its banner, the remote Apple TV device is a version prior\nto 7.0.3. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple memory corruption issues exist, related to the\n included version of WebKit, that allow application\n crashes or arbitrary code execution. (CVE-2014-3192,\n CVE-2014-4459, CVE-2014-4466, CVE-2014-4468,\n CVE-2014-4469, CVE-2014-4470, CVE-2014-4471,\n CVE-2014-4472, CVE-2014-4473, CVE-2014-4474,\n CVE-2014-4475, CVE-2014-4476, CVE-2014-4477,\n CVE-2014-4479)\n\n - A state management issue exists due to improperly\n handling overlapping segments in Mach-O executable\n files. A local user can exploit this issue to execute\n unsigned code. (CVE-2014-4455)\n\n - A security bypass issue exists due to improper\n validation of SVG files loaded in an IMG element. An\n attacker can load a CSS of cross-origin resulting in\n information disclosure. (CVE-2014-4465)\n\n - An issue exists due to the symbolic linking performed\n by the ", "modified": "2019-12-02T00:00:00", "id": "APPLETV_7_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/81145", "published": "2015-02-03T00:00:00", "title": "Apple TV < 7.0.3 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81145);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-3192\",\n \"CVE-2014-4455\",\n \"CVE-2014-4459\",\n \"CVE-2014-4465\",\n \"CVE-2014-4466\",\n \"CVE-2014-4468\",\n \"CVE-2014-4469\",\n \"CVE-2014-4470\",\n \"CVE-2014-4471\",\n \"CVE-2014-4472\",\n \"CVE-2014-4473\",\n \"CVE-2014-4474\",\n \"CVE-2014-4475\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2014-4480\",\n \"CVE-2014-4481\",\n \"CVE-2014-4483\",\n \"CVE-2014-4484\",\n \"CVE-2014-4485\",\n \"CVE-2014-4486\",\n \"CVE-2014-4487\",\n \"CVE-2014-4488\",\n \"CVE-2014-4489\",\n \"CVE-2014-4491\",\n \"CVE-2014-4492\",\n \"CVE-2014-4495\",\n \"CVE-2014-4496\"\n );\n script_bugtraq_id(\n 70273,\n 71140,\n 71144,\n 71438,\n 71439,\n 71442,\n 71444,\n 71445,\n 71449,\n 71451,\n 71459,\n 71461,\n 71462,\n 72327,\n 72329,\n 72330,\n 72331,\n 72334\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-01-27-1\");\n\n script_name(english:\"Apple TV < 7.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version in the banner.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote Apple TV device is a version prior\nto 7.0.3. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple memory corruption issues exist, related to the\n included version of WebKit, that allow application\n crashes or arbitrary code execution. (CVE-2014-3192,\n CVE-2014-4459, CVE-2014-4466, CVE-2014-4468,\n CVE-2014-4469, CVE-2014-4470, CVE-2014-4471,\n CVE-2014-4472, CVE-2014-4473, CVE-2014-4474,\n CVE-2014-4475, CVE-2014-4476, CVE-2014-4477,\n CVE-2014-4479)\n\n - A state management issue exists due to improperly\n handling overlapping segments in Mach-O executable\n files. A local user can exploit this issue to execute\n unsigned code. (CVE-2014-4455)\n\n - A security bypass issue exists due to improper\n validation of SVG files loaded in an IMG element. An\n attacker can load a CSS of cross-origin resulting in\n information disclosure. (CVE-2014-4465)\n\n - An issue exists due to the symbolic linking performed\n by the 'afc' command which allows an attacker to\n access arbitrary files on the system. (CVE-2014-4480)\n\n - An integer overflow issue exists due to improper bounds\n checking when processing PDF files. (CVE-2014-4481)\n\n - A buffer overflow issue exists due to improper bounds\n checking when processing fonts in PDF files.\n (CVE-2014-4483)\n\n - A memory corruption issue exists due to improper bounds\n checking when processing '.dfont' files.\n (CVE-2014-4484)\n\n - A buffer overflow issue exists due to improper bounds\n checking when processing XML files. (CVE-2014-4485)\n\n - A null pointer dereference issue exists due to the\n handling of resource lists in the IOAcceleratorFamily\n kernel extension. (CVE-2014-4486)\n\n - A buffer overflow issue exists due to improper size\n validation in the IOHIDFamily. (CVE-2014-4487)\n\n - A validation issue exists due to the handling of\n resource queue metadata in the IOHIDFamily kernel\n extension. (CVE-2014-4488)\n\n - A null pointer dereference issue exists due to the\n handling of event queues in the IOHIDFamily kernel\n extension. (CVE-2014-4489)\n\n - An information disclosure issue exists due to the\n handling of APIs related to kernel extensions in which\n kernel addresses may be revealed. An attacker can\n leverage this to bypass ASLR protections.\n (CVE-2014-4491)\n\n - Multiple type confusion issues exists due to improper\n type checking during interprocess communication in the\n network daemon (networkd). (CVE-2014-4492)\n\n - An issue exists due to improper checking of shared\n memory permissions in the kernel shared memory\n subsystem. (CVE-2014-4495)\n\n - An information disclosure issue exists due to\n mach_port_kobject kernel interface leaking kernel\n addresses and heap permutation values. An attacker can\n leverage this to bypass ASLR protections.\n (CVE-2014-4496)\n\nNote that arbitrary code execution is possible with the above issues\nassigned CVE-2014-4481 through CVE-2014-4489, CVE-2014-4492, and\nCVE-2014-4495.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204246\");\n # https://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f3743d1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV 7.0.3 or later. Note that this update is only\navailable for 3rd generation and later models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-4495\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689, 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nget_kb_item_or_exit(\"www/appletv\");\n\n# Apple TV 6.0 and later\nport = get_http_port(default:7000, dont_exit:TRUE);\nitem = \"/server-info\";\n\nif (!isnull(port))\n{\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : item,\n exit_on_fail:FALSE\n );\n\n report = NULL;\n\n if (res[0] =~'^HTTP/[0-9.]+ +200' && !empty_or_null(res[2]))\n {\n url = build_url(port:port, qs:item);\n\n # Examples: 12B435, 11A470e, etc.\n pat =\n \"<key>osBuildVersion</key>\\s+<string>([0-9]+)([A-Za-z])([0-9]+)([A-Za-z]+)?</string>\";\n matches = pregmatch(pattern:pat, string:res[2], icase:TRUE);\n\n if (!isnull(matches))\n {\n ver = matches[1] + matches[2] + matches[3];\n ver_major = int(matches[1]);\n ver_char = ord(matches[2]);\n ver_minor = int(matches[3]);\n\n fixed_build = \"12B466\";\n fixed_major = 12;\n fixed_char = ord(\"B\");\n fixed_minor = 466;\n\n if (\n # Major version <= fixed version\n ver_major < fixed_major || ( ver_major == fixed_major &&\n (\n # Value of character <= value of fixed character\n ver_char < fixed_char || ( ver_char == fixed_char &&\n # Minor version < fixed version\n ver_minor < fixed_minor\n )\n )\n )\n )\n report =\n '\\n URL : ' + url +\n '\\n Installed build : ' + ver +\n '\\n Fixed build : ' + fixed_build + ' (Apple TV 7.0.3)' +\n '\\n';\n\n else\n audit(AUDIT_HOST_NOT, \"affected because it is running build \" + ver);\n }\n else\n {\n pat = \"<key>srcvers</key>\\s+<string>([0-9.]+)</string>\";\n matches = pregmatch(pattern:pat, string:res[2], icase:TRUE);\n if (!isnull(matches))\n {\n airplay_ver = matches[1];\n fixed_airplay_ver = \"211.3\";\n\n if (ver_compare(ver:airplay_ver, fix:fixed_airplay_ver, strict:FALSE) < 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed AirPlay version : ' + airplay_ver +\n '\\n Fixed AirPlay version : ' + fixed_airplay_ver +\n '\\n';\n }\n else\n audit(AUDIT_HOST_NOT, \"affected because it is running AirPlay \" + airplay_ver);\n }\n }\n }\n}\n\nif (isnull(report))\n{\n port = 3689;\n banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\n if (\"DAAP-Server: iTunes/\" >!< banner && \"RIPT-Server: iTunesLib/\" >!< banner)\n audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\n pat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \\((Mac )?OS X\\)\";\n matches = egrep(pattern:pat, string:banner);\n\n if (\"DAAP-Server: iTunes/\" >< banner && !matches)\n audit(AUDIT_WRONG_WEB_SERVER, port, \"iTunes on an Apple TV\");\n\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\nif (!empty_or_null(report))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:51:06", "bulletinFamily": "scanner", "description": "The version of Apple iTunes installed on the remote Windows host is\nprior to 12.2. It is, therefore, affected by multiple vulnerabilities\nin the bundled version of WebKit, including denial of service and\narbitrary code execution vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application", "modified": "2019-12-02T00:00:00", "id": "ITUNES_12_2_0.NASL", "href": "https://www.tenable.com/plugins/nessus/84504", "published": "2015-07-03T00:00:00", "title": "Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84504);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-3192\",\n \"CVE-2014-4452\",\n \"CVE-2014-4459\",\n \"CVE-2014-4466\",\n \"CVE-2014-4468\",\n \"CVE-2014-4469\",\n \"CVE-2014-4470\",\n \"CVE-2014-4471\",\n \"CVE-2014-4472\",\n \"CVE-2014-4473\",\n \"CVE-2014-4474\",\n \"CVE-2014-4475\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2015-1068\",\n \"CVE-2015-1069\",\n \"CVE-2015-1070\",\n \"CVE-2015-1071\",\n \"CVE-2015-1072\",\n \"CVE-2015-1073\",\n \"CVE-2015-1074\",\n \"CVE-2015-1075\",\n \"CVE-2015-1076\",\n \"CVE-2015-1077\",\n \"CVE-2015-1078\",\n \"CVE-2015-1079\",\n \"CVE-2015-1080\",\n \"CVE-2015-1081\",\n \"CVE-2015-1082\",\n \"CVE-2015-1083\",\n \"CVE-2015-1119\",\n \"CVE-2015-1120\",\n \"CVE-2015-1121\",\n \"CVE-2015-1122\",\n \"CVE-2015-1124\",\n \"CVE-2015-1152\",\n \"CVE-2015-1153\",\n \"CVE-2015-1154\"\n );\n script_bugtraq_id(\n 70273,\n 71137,\n 71144,\n 71438,\n 71442,\n 71444,\n 71445,\n 71449,\n 71451,\n 71459,\n 71461,\n 71462,\n 72329,\n 72330,\n 72331,\n 73972,\n 74523,\n 74525,\n 74526\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-06-30-6\");\n\n script_name(english:\"Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.2. It is, therefore, affected by multiple vulnerabilities\nin the bundled version of WebKit, including denial of service and\narbitrary code execution vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204949\");\n # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?103c0dda\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes 12.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-4466\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.2.0.145\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:51:06", "bulletinFamily": "scanner", "description": "The version of Apple iTunes running on the remote host is prior to\n12.2. It is, therefore, affected by multiple vulnerabilities due to\nmemory corruption issues in the WebKit component. An attacker can\nexploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application", "modified": "2019-12-02T00:00:00", "id": "ITUNES_12_2_0_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/86600", "published": "2015-10-26T00:00:00", "title": "Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86600);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2014-3192\",\n \"CVE-2014-4452\",\n \"CVE-2014-4459\",\n \"CVE-2014-4466\",\n \"CVE-2014-4468\",\n \"CVE-2014-4469\",\n \"CVE-2014-4470\",\n \"CVE-2014-4471\",\n \"CVE-2014-4472\",\n \"CVE-2014-4473\",\n \"CVE-2014-4474\",\n \"CVE-2014-4475\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2015-1068\",\n \"CVE-2015-1069\",\n \"CVE-2015-1070\",\n \"CVE-2015-1071\",\n \"CVE-2015-1072\",\n \"CVE-2015-1073\",\n \"CVE-2015-1074\",\n \"CVE-2015-1075\",\n \"CVE-2015-1076\",\n \"CVE-2015-1077\",\n \"CVE-2015-1078\",\n \"CVE-2015-1079\",\n \"CVE-2015-1080\",\n \"CVE-2015-1081\",\n \"CVE-2015-1082\",\n \"CVE-2015-1083\",\n \"CVE-2015-1119\",\n \"CVE-2015-1120\",\n \"CVE-2015-1121\",\n \"CVE-2015-1122\",\n \"CVE-2015-1124\",\n \"CVE-2015-1152\",\n \"CVE-2015-1153\",\n \"CVE-2015-1154\"\n );\n script_bugtraq_id(\n 70273,\n 71137,\n 71144,\n 71438,\n 71442,\n 71444,\n 71445,\n 71449,\n 71451,\n 71459,\n 71461,\n 71462,\n 72329,\n 72330,\n 72331,\n 73972,\n 74523,\n 74525,\n 74526\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-06-30-6\");\n\n script_name(english:\"Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes running on the remote host is prior to\n12.2. It is, therefore, affected by multiple vulnerabilities due to\nmemory corruption issues in the WebKit component. An attacker can\nexploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204949\");\n # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?103c0dda\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple version iTunes 12.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-4466\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.2.0.145\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:27:03", "bulletinFamily": "scanner", "description": "webkit reports :\n\nThe ScrollView::paint function in platform/scroll/ScrollView.cpp in\nBlink, as used in Google Chrome before 35.0.1916.114, allows remote\nattackers to spoof the UI by extending scrollbar painting into the\nparent frame.", "modified": "2019-12-02T00:00:00", "id": "FREEBSD_PKG_1091D2D1CB2E11E5B14BBCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/88583", "published": "2016-02-05T00:00:00", "title": "FreeBSD : webkit -- UI spoof (1091d2d1-cb2e-11e5-b14b-bcaec565249c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88583);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/21 10:46:31\");\n\n script_cve_id(\"CVE-2014-1748\");\n\n script_name(english:\"FreeBSD : webkit -- UI spoof (1091d2d1-cb2e-11e5-b14b-bcaec565249c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"webkit reports :\n\nThe ScrollView::paint function in platform/scroll/ScrollView.cpp in\nBlink, as used in Google Chrome before 35.0.1916.114, allows remote\nattackers to spoof the UI by extending scrollbar painting into the\nparent frame.\"\n );\n # http://webkitgtk.org/security/WSA-2015-0002.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2015-0002.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1091d2d1-cb2e-11e5-b14b-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d372340\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk2<2.4.9_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk3<2.4.9_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-13T07:53:57", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior\nto version 10.10.1. This update contains several security-related\nfixes for the following components :\n\n - CFNetwork\n - Spotlight\n - System Profiler About This Mac\n - WebKit\n\nNote that successful exploitation of the most serious of these issues\ncan result in arbitrary code execution.", "modified": "2019-12-02T00:00:00", "id": "MACOSX_10_10_1.NASL", "href": "https://www.tenable.com/plugins/nessus/79310", "published": "2014-11-18T00:00:00", "title": "Mac OS X 10.10.x < 10.10.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79310);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-4453\",\n \"CVE-2014-4458\",\n \"CVE-2014-4459\",\n \"CVE-2014-4460\"\n );\n script_bugtraq_id(71135, 71139, 71144);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-11-17-2\");\n\n script_name(english:\"Mac OS X 10.10.x < 10.10.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.x that is prior\nto version 10.10.1. This update contains several security-related\nfixes for the following components :\n\n - CFNetwork\n - Spotlight\n - System Profiler About This Mac\n - WebKit\n\nNote that successful exploitation of the most serious of these issues\ncan result in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT6591\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/534004/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.10.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-4459\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.10([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10\", \"Mac OS X \"+version);\n\nfixed_version = \"10.10.1\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:40:35", "bulletinFamily": "scanner", "description": "According to its banner, the remote Apple TV device is a version prior\nto 7.0.2. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple memory corruption issues exist related to the\n included version of WebKit that allow application\n crashes or arbitrary code execution. (CVE-2014-4452,\n CVE-2014-4462)\n\n - A state management issue exists due to improperly\n handling overlapping segments in Mach-O executable\n files. A local user can exploit this issue to execute\n unsigned code. (CVE-2014-4455)\n\n - A remote code execution issue exists due to improper\n validation of metadata fields in IOSharedDataQueue\n objects. (CVE-2014-4461)", "modified": "2019-12-02T00:00:00", "id": "APPLETV_7_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/79360", "published": "2014-11-20T00:00:00", "title": "Apple TV < 7.0.2 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79360);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2014-4452\",\n \"CVE-2014-4455\",\n \"CVE-2014-4461\",\n \"CVE-2014-4462\"\n );\n script_bugtraq_id(71136, 71137, 71140, 71142);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-11-17-3\");\n\n script_name(english:\"Apple TV < 7.0.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version in the banner.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote Apple TV device is a version prior\nto 7.0.2. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple memory corruption issues exist related to the\n included version of WebKit that allow application\n crashes or arbitrary code execution. (CVE-2014-4452,\n CVE-2014-4462)\n\n - A state management issue exists due to improperly\n handling overlapping segments in Mach-O executable\n files. A local user can exploit this issue to execute\n unsigned code. (CVE-2014-4455)\n\n - A remote code execution issue exists due to improper\n validation of metadata fields in IOSharedDataQueue\n objects. (CVE-2014-4461)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/534005/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV 7.0.2 or later. Note that this update is only\navailable for 3rd generation and later models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nget_kb_item_or_exit(\"www/appletv\");\n\nport = 3689;\nbanner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\nif (\n \"DAAP-Server: iTunes/\" >!< banner &&\n \"RIPT-Server: iTunesLib/\" >!< banner\n) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\npat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \\((Mac )?OS X\\)\";\nmatches = egrep(pattern:pat, string:banner);\n\nif (\n \"DAAP-Server: iTunes/\" >< banner &&\n !matches\n) audit(AUDIT_WRONG_WEB_SERVER, port, \"iTunes on an Apple TV\");\n\nfixed_major = \"11.1\";\nfixed_char = \"b\";\nfixed_minor = \"37\";\nfixed_airtunes_version = \"211.3\";\n\nreport = \"\";\n\n# Check first for 3rd gen and recent 2nd gen models.\nif (matches)\n{\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n major = match[1];\n char = match[2];\n minor = int(match[3]);\n\n if (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||\n (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&\n (\n ord(char) < ord(fixed_char) ||\n (\n ord(char) == ord(fixed_char) &&\n minor < fixed_minor\n )\n )\n )\n )\n {\n report = '\\n Source : ' + line +\n '\\n Installed iTunes version : ' + major + char + minor +\n '\\n Fixed iTunes version : ' + fixed_major + fixed_char + fixed_minor +\n '\\n';\n }\n else if (major == fixed_major && char == fixed_char && minor == fixed_minor)\n {\n airtunes_port = 5000;\n # nb: 'http_server_header()' exits if it can't get the HTTP banner.\n server_header = http_server_header(port:airtunes_port);\n if (isnull(server_header)) audit(AUDIT_WEB_NO_SERVER_HEADER, airtunes_port);\n if (\"AirTunes\" >!< server_header) audit(AUDIT_WRONG_WEB_SERVER, airtunes_port, \"AirTunes\");\n\n match = eregmatch(string:server_header, pattern:\"^AirTunes\\/([0-9][0-9.]+)\");\n if (!match) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, \"AirTunes\", airtunes_port);\n airtunes_version = match[1];\n\n if (ver_compare(ver:airtunes_version, fix:fixed_airtunes_version, strict:FALSE) < 0)\n {\n report = '\\n Source : ' + server_header +\n '\\n Installed AirTunes version : ' + airtunes_version +\n '\\n Fixed AirTunes version : ' + fixed_airtunes_version +\n '\\n';\n }\n else audit(AUDIT_LISTEN_NOT_VULN, \"AirTunes\", airtunes_port, airtunes_version);\n }\n }\n }\n}\nelse\n{\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\nif (report)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:39:50", "bulletinFamily": "scanner", "description": "The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to ", "modified": "2019-12-02T00:00:00", "id": "OPERA_2200.NASL", "href": "https://www.tenable.com/plugins/nessus/74362", "published": "2014-06-06T00:00:00", "title": "Opera < 22 Multiple Chromium Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74362);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67237, 67517, 67582);\n\n script_name(english:\"Opera < 22 Multiple Chromium Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.opera.com/desktop/changelog22/\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Opera 22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3152\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\", \"SMB/Opera/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\npath = get_kb_item_or_exit(\"SMB/Opera/Path\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (get_kb_item(\"SMB/Opera/supported_classic_branch\")) audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n\nfixed_version = \"22.0.1471.50\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"22.0\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse fixed_version_report = \"22.0\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:29:58", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\n23 security fixes in this release, including :\n\n- [356653] High CVE-2014-1743: Use-after-free in styles. Credit to\ncloudfuzzer.\n\n- [359454] High CVE-2014-1744: Integer overflow in audio. Credit to\nAaron Staple.\n\n- [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte\nKettunen of OUSPG.\n\n- [364065] Medium CVE-2014-1746: Out-of-bounds read in media filters.\nCredit to Holger Fuhrmannek.\n\n- [330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to\npackagesu.\n\n- [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to\nJordan Milne.\n\n- [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- [358057] CVE-2014-3152: Integer underflow in V8 fixed in version\n3.25.28.16.", "modified": "2019-12-02T00:00:00", "id": "FREEBSD_PKG_64F3872BE05D11E39DD400262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/74114", "published": "2014-05-21T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74114);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/06/14 00:01:14 $\");\n\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n23 security fixes in this release, including :\n\n- [356653] High CVE-2014-1743: Use-after-free in styles. Credit to\ncloudfuzzer.\n\n- [359454] High CVE-2014-1744: Integer overflow in audio. Credit to\nAaron Staple.\n\n- [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte\nKettunen of OUSPG.\n\n- [364065] Medium CVE-2014-1746: Out-of-bounds read in media filters.\nCredit to Holger Fuhrmannek.\n\n- [330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to\npackagesu.\n\n- [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to\nJordan Milne.\n\n- [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- [358057] CVE-2014-3152: Integer underflow in V8 fixed in version\n3.25.28.16.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/64f3872b-e05d-11e3-9dd4-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f712737\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<35.0.1916.114\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:51:21", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2014-1743\n cloudfuzzer discovered a use-after-free issue in the\n Blink/Webkit document object model implementation.\n\n - CVE-2014-1744\n Aaron Staple discovered an integer overflow issue in\n audio input handling.\n\n - CVE-2014-1745\n Atte Kettunen discovered a use-after-free issue in the\n Blink/Webkit scalable vector graphics implementation. \n\n - CVE-2014-1746\n Holger Fuhrmannek discovered an out-of-bounds read issue\n in the URL protocol implementation for handling media.\n\n - CVE-2014-1747\n packagesu discovered a cross-site scripting issue\n involving malformed MHTML files.\n\n - CVE-2014-1748\n Jordan Milne discovered a user interface spoofing issue.\n\n - CVE-2014-1749\n The Google Chrome development team discovered and fixed\n multiple issues with potential security impact.\n\n - CVE-2014-3152\n An integer underflow issue was discovered in the v8\n JavaScript library.", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-2939.NASL", "href": "https://www.tenable.com/plugins/nessus/74256", "published": "2014-06-02T00:00:00", "title": "Debian DSA-2939-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2939. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74256);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_bugtraq_id(67517);\n script_xref(name:\"DSA\", value:\"2939\");\n\n script_name(english:\"Debian DSA-2939-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2014-1743\n cloudfuzzer discovered a use-after-free issue in the\n Blink/Webkit document object model implementation.\n\n - CVE-2014-1744\n Aaron Staple discovered an integer overflow issue in\n audio input handling.\n\n - CVE-2014-1745\n Atte Kettunen discovered a use-after-free issue in the\n Blink/Webkit scalable vector graphics implementation. \n\n - CVE-2014-1746\n Holger Fuhrmannek discovered an out-of-bounds read issue\n in the URL protocol implementation for handling media.\n\n - CVE-2014-1747\n packagesu discovered a cross-site scripting issue\n involving malformed MHTML files.\n\n - CVE-2014-1748\n Jordan Milne discovered a user interface spoofing issue.\n\n - CVE-2014-1749\n The Google Chrome development team discovered and fixed\n multiple issues with potential security impact.\n\n - CVE-2014-3152\n An integer underflow issue was discovered in the v8\n JavaScript library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2939\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 35.0.1916.114-1~deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Multiple memory corruptions.", "modified": "2014-12-21T00:00:00", "published": "2014-12-21T00:00:00", "id": "SECURITYVULNS:VULN:14148", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14148", "title": "Apple Safari / Webkit multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Protection bypass, memory corruptions, buffer overflows, code execution, crossite access.", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:VULN:14242", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14242", "title": "Apple TV multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Protection bypass, memory corruptions, buffer overflows, code execution, crossite access.", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:VULN:14243", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14243", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-01-27-1 Apple TV 7.0.3\r\n\r\nApple TV 7.0.3 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A maliciously crafted afc command may allow access to\r\nprotected parts of the filesystem\r\nDescription: A vulnerability existed in the symbolic linking\r\nmechanism of afc. This issue was addressed by adding additional path\r\nchecks.\r\nCVE-ID\r\nCVE-2014-4480 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in the handling of PDF\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\r\niSIGHT Partners GVP Program\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A state management issue existed in the handling of\r\nMach-O executable files with overlapping segments. This issue was\r\naddressed through improved validation of segment sizes\r\nCVE-ID\r\nCVE-2014-4455 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of font\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4483 : Apple\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Processing a maliciously crafted .dfont file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.dfont files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Viewing a maliciously crafted XML file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the XML parser. This issue\r\nwas addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4485 : Apple\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in\r\nIOAcceleratorFamily's handling of resource lists. This issue was\r\naddressed by removing unneeded code.\r\nCVE-ID\r\nCVE-2014-4486 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A buffer overflow existed in IOHIDFamily. This issue\r\nwas addressed through improved size validation.\r\nCVE-ID\r\nCVE-2014-4487 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in IOHIDFamily's handling of\r\nresource queue metadata. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2014-4488 : Apple\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of event queues. This issue was addressed through improved\r\nvalidation.\r\nCVE-ID\r\nCVE-2014-4489 : @beist\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: An information disclosure issue existed in the handling\r\nof APIs related to kernel extensions. Responses containing an\r\nOSBundleMachOHeaders key may have included kernel addresses, which\r\nmay aid in bypassing address space layout randomization protection.\r\nThis issue was addressed by unsliding the addresses before returning\r\nthem.\r\nCVE-ID\r\nCVE-2014-4491 : @PanguTeam, Stefan Esser\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An issue existed in the kernel shared memory subsystem\r\nthat allowed an attacker to write to memory that was intended to be\r\nread-only. This issue was addressed with stricter checking of shared\r\nmemory permissions.\r\nCVE-ID\r\nCVE-2014-4495 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: The mach_port_kobject kernel interface leaked kernel\r\naddresses and heap permutation value, which may aid in bypassing\r\naddress space layout randomization protection. This was addressed by\r\ndisabling the mach_port_kobject interface in production\r\nconfigurations.\r\nCVE-ID\r\nCVE-2014-4496 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious, sandboxed app can compromise the networkd\r\ndaemon\r\nDescription: Multiple type confusion issues existed in networkd's\r\nhandling of interprocess communication. By sending a maliciously\r\nformatted message to networkd, it could be possible to execute\r\narbitrary code as the networkd process. The issue is addressed\r\nthrough additional type checking.\r\nCVE-ID\r\nCVE-2014-4492 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Style sheets are loaded cross-origin which may allow for\r\ndata exfiltration\r\nDescription: An SVG loaded in an img element could load a CSS file\r\ncross-origin. This issue was addressed through enhanced blocking of\r\nexternal CSS references in SVGs.\r\nCVE-ID\r\nCVE-2014-4465 : Rennie deGraaf of iSEC Partners\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-3192 : cloudfuzzer\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\nCVE-2014-4476 : Apple\r\nCVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative\r\nCVE-2014-4479 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\n\r\niQIcBAEBAgAGBQJUx8uoAAoJEBcWfLTuOo7tyYYP/0Wa2vYwjiSNRUiPXPlxwKKJ\r\nEnQeYq248AQZ1D2YDfUwuz3zs826YM9/agwWFv+b1kDU5wYZ37oRvsEB3nmzDyA6\r\nMChLBOE+9YRImVbgGI1VFI7FOCiLXesXWHhSJeKs0nqPmEjY2fjoR6h7KTZy7a8i\r\nQvDM61tRx9u06vDobSH3M+NvfaD87/EQZUzTnzraOw5EnMrnuyAH7vfm05xzhQsc\r\nqyaCkPq1+VsFBRAFdJQRCs2TYXTkSH0NVU+A9iMkhguH8hsRhGOzj4nnP72mYnFs\r\nQqJIPY0mKCHp5GLRLlh5+0XgPQ9M0Rz7Pq3OMfJXQB1/Jt749jAbKSWsetN8vPMx\r\nNHq1UJljbJ4L3anDmDBv5kBE1uDqYJraJQYGoswfvG2PJNIkPzlTXk9nnGIktYBS\r\nzGKZINvUFHjaPCrBiTqoVgbjAT1akkQbC/UkdNxaW0guTHmXOjIyWrN4l0ZqA7t4\r\n1l9sVAc+pKMdbW3AXt6Gs4WEz1Fn/vQiMc2ZYudWXbW0Xc9G+8oL3db/oXoKpjEz\r\n1+TjMcswTHB6+xqhsuUyQWJRMGW38SdwpA2fquE07xRSqhrEcIV37IdXi0knJf27\r\nBLGWtjiDffaIzRxZZbZZjgsvLKRxeQeQeYlEc/dNn2e7x85ln70MJ2BYkuBRfnb6\r\nG6QsP8oliqd742wGBmKC\r\n=rnYo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31676", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31676", "title": "APPLE-SA-2015-01-27-1 Apple TV 7.0.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-01-27-2 iOS 8.1.3\r\n\r\niOS 8.1.3 is now available and addresses the following:\r\n\r\nAppleFileConduit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted afc command may allow access to\r\nprotected parts of the filesystem\r\nDescription: A vulnerability existed in the symbolic linking\r\nmechanism of afc. This issue was addressed by adding additional path\r\nchecks.\r\nCVE-ID\r\nCVE-2014-4480 : TaiG Jailbreak Team\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in the handling of PDF\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\r\niSIGHT Partners GVP Program\r\n\r\ndyld\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A state management issue existed in the handling of\r\nMach-O executable files with overlapping segments. This issue was\r\naddressed through improved validation of segment sizes.\r\nCVE-ID\r\nCVE-2014-4455 : TaiG Jailbreak Team\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of font\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4483 : Apple\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted .dfont file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.dfont files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative\r\n\r\nFoundation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted XML file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the XML parser. This issue\r\nwas addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4485 : Apple\r\n\r\nIOAcceleratorFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in\r\nIOAcceleratorFamily's handling of resource lists. This issue was\r\naddressed by removing unneeded code.\r\nCVE-ID\r\nCVE-2014-4486 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A buffer overflow existed in IOHIDFamily. This issue\r\nwas addressed through improved size validation.\r\nCVE-ID\r\nCVE-2014-4487 : TaiG Jailbreak Team\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in IOHIDFamily's handling of\r\nresource queue metadata. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2014-4488 : Apple\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of event queues. This issue was addressed through improved\r\nvalidation.\r\nCVE-ID\r\nCVE-2014-4489 : @beist\r\n\r\niTunes Store\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A website may be able to bypass sandbox restrictions using\r\nthe iTunes Store\r\nDescription: An issue existed in the handling of URLs redirected\r\nfrom Safari to the iTunes Store that could allow a malicious website\r\nto bypass Safari's sandbox restrictions. The issue was addressed with\r\nimproved filtering of URLs opened by the iTunes Store.\r\nCVE-ID\r\nCVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: An information disclosure issue existed in the handling\r\nof APIs related to kernel extensions. Responses containing an\r\nOSBundleMachOHeaders key may have included kernel addresses, which\r\nmay aid in bypassing address space layout randomization protection.\r\nThis issue was addressed by unsliding the addresses before returning\r\nthem.\r\nCVE-ID\r\nCVE-2014-4491 : @PanguTeam, Stefan Esser\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An issue existed in the kernel shared memory subsystem\r\nthat allowed an attacker to write to memory that was intended to be\r\nread-only. This issue was addressed with stricter checking of shared\r\nmemory permissions.\r\nCVE-ID\r\nCVE-2014-4495 : Ian Beer of Google Project Zero\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: The mach_port_kobject kernel interface leaked kernel\r\naddresses and heap permutation value, which may aid in bypassing\r\naddress space layout randomization protection. This was addressed by\r\ndisabling the mach_port_kobject interface in production\r\nconfigurations.\r\nCVE-ID\r\nCVE-2014-4496 : TaiG Jailbreak Team\r\n\r\nlibnetcore\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious, sandboxed app can compromise the networkd\r\ndaemon\r\nDescription: Multiple type confusion issues existed in networkd's\r\nhandling of interprocess communication. By sending a maliciously\r\nformatted message to networkd, it may have been possible to execute\r\narbitrary code as the networkd process. The issue is addressed\r\nthrough additional type checking.\r\nCVE-ID\r\nCVE-2014-4492 : Ian Beer of Google Project Zero\r\n\r\nMobileInstallation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious enterprise-signed application may be able to\r\ntake control of the local container for applications already on a\r\ndevice\r\nDescription: A vulnerability existed in the application installation\r\nprocess. This was addressed by preventing enterprise applications\r\nfrom overriding existing applications in specific scenarios.\r\nCVE-ID\r\nCVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.\r\n\r\nSpringboard\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Enterprise-signed applications may be launched without\r\nprompting for trust\r\nDescription: An issue existed in determining when to prompt for\r\ntrust when first opening an enterprise-signed application. This issue\r\nwas addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a website that frames malicious content may lead to\r\nUI spoofing\r\nDescription: A UI spoofing issue existed in the handling of\r\nscrollbar boundaries. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-4467 : Jordan Milne\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Style sheets are loaded cross-origin which may allow for\r\ndata exfiltration\r\nDescription: An SVG loaded in an img element could load a CSS file\r\ncross-origin. This issue was addressed through enhanced blocking of\r\nexternal CSS references in SVGs.\r\nCVE-ID\r\nCVE-2014-4465 : Rennie deGraaf of iSEC Partners\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-3192 : cloudfuzzer\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\nCVE-2014-4476 : Apple\r\nCVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative\r\nCVE-2014-4479 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "8.1.3".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\n\r\niQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F\r\npCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb\r\n8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z\r\nmrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn\r\nBi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8\r\ntTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR\r\nIASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh\r\nwEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P\r\ny8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB\r\nw7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR\r\nIEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY\r\nCfDJ+b9mxdd8GswiT3OO\r\n=j9pr\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31677", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31677", "title": "APPLE-SA-2015-01-27-2 iOS 8.1.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nAPPLE-SA-2015-06-30-6 iTunes 12.2\r\n\r\niTunes 12.2 is now available and addresses the following:\r\n\r\nWebKit\r\nAvailable for: Windows 8 and Windows 7\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-3192 : cloudfuzzer\r\nCVE-2014-4452\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\nCVE-2014-4476 : Apple\r\nCVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative\r\nCVE-2014-4479 : Apple\r\nCVE-2015-1068 : Apple\r\nCVE-2015-1069 : Apple\r\nCVE-2015-1070 : Apple\r\nCVE-2015-1071 : Apple\r\nCVE-2015-1072\r\nCVE-2015-1073 : Apple\r\nCVE-2015-1074 : Apple\r\nCVE-2015-1075 : Google Chrome Security team\r\nCVE-2015-1076\r\nCVE-2015-1077 : Apple\r\nCVE-2015-1078 : Apple\r\nCVE-2015-1079 : Apple\r\nCVE-2015-1080 : Apple\r\nCVE-2015-1081 : Apple\r\nCVE-2015-1082 : Apple\r\nCVE-2015-1083 : Apple\r\nCVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung\r\nElectronics\r\nCVE-2015-1120 : Apple\r\nCVE-2015-1121 : Apple\r\nCVE-2015-1122 : Apple\r\nCVE-2015-1124 : Apple\r\nCVE-2015-1152\r\nCVE-2015-1153\r\nCVE-2015-1154\r\n\r\n\r\niTunes 12.2 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\n\r\niQIcBAEBCAAGBQJVkxn8AAoJEBcWfLTuOo7tYPoP/3l/dw+rYzo6GHoE0xZM/4nc\r\n0kq2Wx+f8blymEOs6cHM7hvR4YTRc+O/QnNZXrVVxa7SqFG2dnE203sxOFyTfl6t\r\nyzN2ueA9IGC0W6c3YBo3ej1Fifi9ey25P66AParFU+7jI3Pj3mkKb1ClrFb6gCzc\r\nU743HOcnmmqSpnnXfxZPt+y2oDasweNt0guCpYYG8mcG2hzyQfSmA8EEh/Dzplv9\r\nNl2NGAqyG3Cj8ZDOoPIZcHYZ8h2DHl+YyczVyryo6YwadRPq54pDKDOjsDmVUkl9\r\nYFZu99gdDK/QVudRolmj9ZjvdAi5fpJJZ0hHl7giNzo5wKCVIaTVgzjVRjXWWvRZ\r\nJwTt07sky25py+rQne62/heKfIhPwv2pNyZmSLSpQsb8+yYVKw0mX5nLmko91+yS\r\nkPOMRF5f/Ek2aYoRJ9DruVpMFs1kHIC3ynh5WQrAWkono1fU/U1Wxz2yGPuU+Jhm\r\ndghvFEjH8uHaayaeNilTKqAfxGBOpd9jKzUe3bQ8gbGNtruun0QxIUsa9DE98giu\r\ne1OtNo70kt1EznEPeAoLwhVb/jQE29OlZyhN912tvTGVjExCmIxcZQdw537yWj7C\r\nae2Kjb4l8ni4T4ta0i1mxC/bbsHa8u/gs8DcMGGcjnbWUAJx6oOAAzY6x9SIfZqa\r\nszGbF5r4TZ5KFgMW9I6o\r\n=Vyyo\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n", "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:DOC:32263", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32263", "title": "APPLE-SA-2015-06-30-6 iTunes 12.2", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Information leakage, memory corruption.", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:VULN:14104", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14104", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1\r\n\r\nOS X 10.10.1 is now available and addresses the following:\r\n\r\nCFNetwork\r\nAvailable for: OS X Yosemite v10.10\r\nImpact: Website cache may not be fully cleared after leaving private\r\nbrowsing\r\nDescription: A privacy issue existed where browsing data could\r\nremain in the cache after leaving private browsing. This issue was\r\naddressed through a change in caching behavior.\r\nCVE-ID\r\nCVE-2014-4460\r\n\r\nSpotlight\r\nAvailable for: OS X Yosemite v10.10\r\nImpact: Unnecessary information is included as part of the initial\r\nconnection between Spotlight or Safari and the Spotlight Suggestions\r\nservers\r\nDescription: The initial connection made by Spotlight or Safari to\r\nthe Spotlight Suggestions servers included a user's approximate\r\nlocation before a user entered a query. This issue was addressed by\r\nremoving this information from the initial connection and only\r\nsending the user's approximate location as part of queries.\r\nCVE-ID\r\nCVE-2014-4453 : Ashkan Soltani\r\n\r\nSystem Profiler About This Mac\r\nAvailable for: OS X Yosemite v10.10\r\nImpact: Unnecessary information is included as part of a connection\r\nto Apple to determine the system model\r\nDescription: The request made by About This Mac to determine the\r\nmodel of the system and direct users to the correct help resources\r\nincluded unnecessary cookies. This issue was addressed by removing\r\ncookies from the connection.\r\nCVE-ID\r\nCVE-2014-4458 : Landon Fuller of Plausible Labs\r\n\r\nWebKit\r\nAvailable for: OS X Yosemite v10.10\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A use after free issue existed in the handling of page\r\nobjects. This issue was addressed through improved memory management.\r\nCVE-ID\r\nCVE-2014-4459\r\n\r\n\r\nOS X Yosemite 10.10.1 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUadzaAAoJEBcWfLTuOo7t+NEQAJ9Ol8jEbJjK9gX2vepXSgB/\r\nl4xfQIoD0dC5vGKquE+HJS0zH7sdmd9mK+Th439fy4z2PtjulQIKXDdP60CFsZcQ\r\noj7XU1TmWvZjCqWsr90fA61mIWsX9WjfbwKaN55ioLF2NOXBA1+AevqsosN/kj9m\r\nOcfGnIhaAOmFtlveKywSwwep0TGMXMHmi7NjScdlJRdu1GQAlpkq0iqkMjzueoPI\r\nzgZuC3xopuqMtaf686cAcgVo0FM8gX3Gj55MhDDy2bkl4/dj1+N5KBnaZGGQEaww\r\n9FNtK0OUBzG9qpBRDMbuAihGn4FzhZa3/DIAjfr6t2h1xV5SSjH93wGbCl7Yp8jE\r\n+Gi82WRf3DJ60ztGRvQZkiBpkC0pMretdBHXRAiSTWwiRuRYghENmY9vDWHthj3z\r\n8HZWHxbcGLsDQQKUFzO4+v60LKs/LQ92nTNhuQyMeh4Jse3Qg8lUknthSEsw1UXd\r\nGqOKlvKOEQP5JXir6VzjgppYThBAVKnCbzVXcxLUGgVxmk9L/HDhbnxS3rd2U4M0\r\nvAxgBt8/8sjDEdO7IM6AtmBlSGQrxQ4trkG3vmw75RVgwWvFQ1J7b588qtFiVu/N\r\nKRTp3qMKRkZiakkinyZEv6zj6AKKa1CohlorI7tiD0rlOYbw1+n2gHi+1ahreO6f\r\nVT75kTNto2qPitQC9I+6\r\n=9Emx\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:DOC:31398", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31398", "title": "APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-11-17-3 Apple TV 7.0.2\r\n\r\nApple TV 7.0.2 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: An attacker with a privileged network position may cause an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-4452\r\nCVE-2014-4462\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A state management issue existed in the handling of\r\nMach-O executable files with overlapping segments. This issue was\r\naddressed through improved validation of segment sizes.\r\nCVE-ID\r\nCVE-2014-4455 : @PanguTeam\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IOSharedDataQueue objects. This issue was\r\naddressed through relocation of the metadata.\r\nCVE-ID\r\nCVE-2014-4461 : @PanguTeam\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUajX6AAoJEBcWfLTuOo7to84QAJgIkijuRWbjIumNWZ4tyS2b\r\nv5e0/hdDD5un60trk7sX16TXFw0z9a25uytvjHOvgnleMdLXVMhAj3V6RtLFX+6u\r\nkohV5SiKlGK6m47vVNDT89eYV6UTpSU2BuYPsng+7K8QRUXcVxRZNCSMlRFNeQxF\r\nlcWR/74xr/tMu4kvZfzFaYFrZqTGudnmjGxtfygNSY+/eHCxDLCVU3VnUaGPpGmd\r\nkPAX5QyLsOTfhWePnqpsHqt4l+xZVzI2LOzBNNEpQ0Qif6qLzt4zx1PR2RcKAuKg\r\nqJNBuK08tV8Hne0Sms8SeH8EM92buiPLoTxqvGO9xB68zXtnclFMzA+Z6XQ2GOik\r\n19OXYAfVetiO/mN4Hg+2gB7hZ0Tw6EznOeujcZK3vC3zH6RgqzjevgA5Fas6T9lw\r\nrEWzwailhUs6EOOpolT1OHMIogTXSAxpmO+CyrTwIYCwMWQmPDQyJfqAs5RjUU9d\r\nX0tZxnom20oVTp3U2AkzNUUaQbC0oZgydBjfoNM412dCzsh3rF8IvA/GnM0fLdlR\r\npcxFO0q+fbqMcM9tTcdEJ+blgvOfyM77y72YSl6PkwsylRwRpC0DY7XqgUyERKqX\r\nqZU+luMsZCWA47Y1BjYtG95xGrpmkKtPSnr7V4dqnsKGMK+Uh5Xa7pKdEVzdM3nD\r\nDHp/ayEiwY577KD9XDFw\r\n=kqc5\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:DOC:31399", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31399", "title": "APPLE-SA-2014-11-17-3 Apple TV 7.0.2", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Memory corruptions, unsigned code execution, privilege escalation.", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:VULN:14105", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14105", "title": "Apple TV multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-07-17T14:28:29", "bulletinFamily": "scanner", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2014-12-16T00:00:00", "id": "OPENVAS:1361412562310805305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805305", "title": "Apple Safari 'Webkit' Multiple Vulnerabilities-01 Dec14 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari 'Webkit' Multiple Vulnerabilities-01 Dec14 (Mac OS X)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805305\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2014-4475\", \"CVE-2014-4474\", \"CVE-2014-4473\", \"CVE-2014-4472\",\n \"CVE-2014-4471\", \"CVE-2014-4470\", \"CVE-2014-4469\", \"CVE-2014-4468\",\n \"CVE-2014-4466\", \"CVE-2014-4465\");\n script_bugtraq_id(71451, 71449, 71444, 71442, 71438, 71462, 71461, 71459,\n 71445, 71439);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-16 14:55:53 +0530 (Tue, 16 Dec 2014)\");\n script_name(\"Apple Safari 'Webkit' Multiple Vulnerabilities-01 Dec14 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple unspecified memory corruption errors.\n\n - An SVG loaded in an img element could load a CSS file cross-origin.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to conduct denial of service attack, arbitrary code execution and bypass the\n Same Origin Policy.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari before version 6.2.1,\n 7.x before 7.1.1, and 8.x before 8.0.1 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 6.2.1 or\n 7.1.1 or 8.0.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6145\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57093\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/125428\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!safVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"6.2.1\") ||\n version_in_range(version:safVer, test_version:\"7.0\", test_version2:\"7.1.0\")||\n version_is_equal(version:safVer, test_version:\"8.0\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2015-10-29T00:00:00", "id": "OPENVAS:1361412562310806151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806151", "title": "Apple Mac OS X Multiple Vulnerabilities-06 October-15", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-06 October-15\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806151\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2014-4459\", \"CVE-2014-4458\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-10-29 14:23:09 +0530 (Thu, 29 Oct 2015)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-06 October-15\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists in WebKit and\n the 'System Profiler About This Mac' component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code via crafted page objects in an HTML document.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.x before\n 10.10.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.10.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.([0-9]|10)\\.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(osVer =~ \"^10\\.([0-9]|10)\\.\" && version_is_less(version:osVer, test_version:\"10.10.1\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.10.1\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:15", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804617", "title": "Google Chrome Multiple Vulnerabilities - 01 June14 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 June14 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804617\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\",\n \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\",\n \"CVE-2014-3803\");\n script_bugtraq_id(67790, 67517, 67582);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 10:20:11 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 June14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error exists in 'StyleElement::removedFromDocument' function\nwithin core/dom/StyleElement.cpp.\n\n - An integer overflow error exists in 'AudioInputRendererHost::OnCreateStream'\nfunction in media/audio_input_renderer_host.cc.\n\n - A use-after-free error exists within SVG.\n\n - An error within media filters in 'InMemoryUrlProtocol::Read'.\n\n - An error in 'DocumentLoader::maybeCreateArchive' function related to a local\nMHTML file.\n\n - An error in 'ScrollView::paint' function related to scroll bars.\n\n - Multiple unspecified errors exist.\n\n - An integer overflow error in 'LCodeGen::PrepareKeyedOperand' function in\narm/lithium-codegen-arm.cc within v8.\n\n - Some error in speech API within Blink.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\nservice, inject arbitrary web script or HTML, spoof the UI, enable microphone\naccess and obtain speech-recognition text and possibly have other unspecified\nimpact.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 35.0.1916.114 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"35.0.1916.114\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-31T10:49:04", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743 \ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744 \nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745 \nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation. \n\nCVE-2014-1746 \nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747 \npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748 \nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749 \nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152 \nAn integer underflow issue was discovered in the v8 javascript\nlibrary.", "modified": "2017-07-14T00:00:00", "published": "2014-05-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702939", "id": "OPENVAS:702939", "title": "Debian Security Advisory DSA 2939-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2939.nasl 6724 2017-07-14 09:57:17Z teissa $\n# Auto-generated from advisory DSA 2939-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.114-1~deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 35.0.1916.114-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743 \ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744 \nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745 \nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation. \n\nCVE-2014-1746 \nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747 \npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748 \nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749 \nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152 \nAn integer underflow issue was discovered in the v8 javascript\nlibrary.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702939);\n script_version(\"$Revision: 6724 $\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_name(\"Debian Security Advisory DSA 2939-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-31 00:00:00 +0200 (Sat, 31 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2939.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-07-19T22:14:46", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804618", "title": "Google Chrome Multiple Vulnerabilities - 01 June14 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 June14 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804618\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\",\n \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\",\n \"CVE-2014-3803\");\n script_bugtraq_id(67790, 67517, 67582);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 10:20:11 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 June14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error exists in 'StyleElement::removedFromDocument' function\nwithin core/dom/StyleElement.cpp.\n\n - An integer overflow error exists in 'AudioInputRendererHost::OnCreateStream'\nfunction in media/audio_input_renderer_host.cc.\n\n - A use-after-free error exists within SVG.\n\n - An error within media filters in 'InMemoryUrlProtocol::Read'.\n\n - An error in 'DocumentLoader::maybeCreateArchive' function related to a local\nMHTML file.\n\n - An error in 'ScrollView::paint' function related to scroll bars.\n\n - Multiple unspecified errors exist.\n\n - An integer overflow error in 'LCodeGen::PrepareKeyedOperand' function in\narm/lithium-codegen-arm.cc within v8.\n\n - Some error in speech API within Blink.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\nservice, inject arbitrary web script or HTML, spoof the UI, enable microphone\naccess and obtain speech-recognition text and possibly have other unspecified\nimpact.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 35.0.1916.114 on Linux.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"35.0.1916.114\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743\ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744\nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745\nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation.\n\nCVE-2014-1746\nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747\npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748\nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749\nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152\nAn integer underflow issue was discovered in the v8 javascript\nlibrary.", "modified": "2019-03-19T00:00:00", "published": "2014-05-31T00:00:00", "id": "OPENVAS:1361412562310702939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702939", "title": "Debian Security Advisory DSA 2939-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2939.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2939-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702939\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_name(\"Debian Security Advisory DSA 2939-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-31 00:00:00 +0200 (Sat, 31 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2939.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.114-1~deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 35.0.1916.114-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743\ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744\nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745\nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation.\n\nCVE-2014-1746\nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747\npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748\nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749\nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152\nAn integer underflow issue was discovered in the v8 javascript\nlibrary.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:44", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804616", "title": "Google Chrome Multiple Vulnerabilities - 01 June14 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 June14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804616\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\",\n \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\",\n \"CVE-2014-3803\");\n script_bugtraq_id(67790, 67517, 67582);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 09:39:42 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 June14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error exists in 'StyleElement::removedFromDocument' function\nwithin core/dom/StyleElement.cpp.\n\n - An integer overflow error exists in 'AudioInputRendererHost::OnCreateStream'\nfunction in media/audio_input_renderer_host.cc.\n\n - A use-after-free error exists within SVG.\n\n - An error within media filters in 'InMemoryUrlProtocol::Read'.\n\n - An error in 'DocumentLoader::maybeCreateArchive' function related to a local\nMHTML file.\n\n - An error in 'ScrollView::paint' function related to scroll bars.\n\n - Multiple unspecified errors exist.\n\n - An integer overflow error in 'LCodeGen::PrepareKeyedOperand' function in\narm/lithium-codegen-arm.cc within v8.\n\n - Some error in speech API within Blink.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\nservice, inject arbitrary web script or HTML, spoof the UI, enable microphone\naccess and obtain speech-recognition text and possibly have other unspecified\nimpact.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 35.0.1916.114 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"35.0.1916.114\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310841913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841913", "title": "Ubuntu Update for oxide-qt USN-2298-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2298_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for oxide-qt USN-2298-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841913\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:39:33 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1735\", \"CVE-2014-3162\",\n \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\",\n \"CVE-2014-1744\", \"CVE-2014-1746\", \"CVE-2014-1748\", \"CVE-2014-3152\",\n \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3157\", \"CVE-2014-3160\",\n \"CVE-2014-3803\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"Ubuntu Update for oxide-qt USN-2298-1\");\n\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.04 LTS\");\n script_tag(name:\"insight\", value:\"A type confusion bug was discovered in V8. If a user were\ntricked in to opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer crash, or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered in\nChromium. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2014-1735, CVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets\nimplementation. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData\nimplementation. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via renderer crash or execute arbitrary code with the privileges\nof the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer crash\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were tricked\nin to opening a specially crafter website, an attacker could potentially\nexploit this to cause a denial of service via application crash.\n(CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in to\nthe parent frame in some circumstances. An attacker could potentially\nexploit ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2298-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2298-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-04-11T00:00:00", "id": "OPENVAS:1361412562310807742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807742", "title": "Fedora Update for webkitgtk FEDORA-2016-9", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2016-9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807742\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-11 12:47:18 +0530 (Mon, 11 Apr 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2016-9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/180485.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~2.4.10~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-23T00:00:00", "id": "OPENVAS:1361412562310807724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807724", "title": "Fedora Update for webkitgtk FEDORA-2016-5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2016-5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807724\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-23 06:16:15 +0100 (Wed, 23 Mar 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2016-5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179225.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~2.4.10~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2019-09-28T12:09:07", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\" rel=\"nofollow\">CWE-416: Use After Free</a>\n\nPer an <a href=\"http://support.apple.com/en-us/HT204246\" rel=\"nofollow\">Apple Security Advisory</a> Apple TV before 7.0.3 was also vulnerable.\nPer an <a href=\"http://support.apple.com/en-us/HT204245\" rel=\"nofollow\">Apple Security Advisory</a> Apple iOS before 8.1.3 was also vulnerable.\nPer an <a href=\"http://support.apple.com/en-us/HT6596\" rel=\"nofollow\">Apple Security Advisory</a> Apple Safari before versions 8.0.1, 7.1.1 and 6.2.1 were also vulnerable.\n\nThese product additions are reflected in the vulnerable configuration.", "modified": "2019-07-16T12:22:00", "id": "CVE-2014-4459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4459", "published": "2014-11-18T11:59:00", "title": "CVE-2014-4459", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4471", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4471", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4474", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4474", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4474", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.\nPer an <a href=\"http://support.apple.com/en-us/HT204246\">Apple Security Advisory</a> Apple TV before 7.0.3 was also vulnerable.\nPer an <a href=\"http://support.apple.com/en-us/HT204245\">Apple Security Advisory</a> Apple iOS before 8.1.3 was also vulnerable.\n\nThese product additions are reflected in the vulnerable configuration.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4469", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4469", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T11:34:28", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.", "modified": "2019-07-16T12:22:00", "id": "CVE-2014-4452", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4452", "published": "2014-11-18T11:59:00", "title": "CVE-2014-4452", "type": "cve", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.\nPer an <a href=\"http://support.apple.com/en-us/HT204246\">Apple Security Advisory</a> Apple TV before 7.0.3 was also vulnerable.\nPer an <a href=\"http://support.apple.com/en-us/HT204245\">Apple Security Advisory</a> Apple iOS before 8.1.3 was also vulnerable.\n\nThese product additions are reflected in the vulnerable configuration.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4466", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4466", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4466", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4472", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4472", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.\nPer an <a href=\"http://support.apple.com/en-us/HT204246\">Apple Security Advisory</a> Apple TV before 7.0.3 was also vulnerable.\nPer an <a href=\"http://support.apple.com/en-us/HT204245\">Apple Security Advisory</a> Apple iOS before 8.1.3 was also vulnerable.\n\nThese product additions are reflected in the vulnerable configuration.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4468", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4468", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4473", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4473", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.\nPer an <a href=\"http://support.apple.com/en-us/HT204246\">Apple Security Advisory</a> Apple TV before 7.0.3 was also vulnerable.\nPer an <a href=\"http://support.apple.com/en-us/HT204245\">Apple Security Advisory</a> Apple iOS before 8.1.3 was also vulnerable.\n\nThese product additions are reflected in the vulnerable configuration.", "modified": "2019-03-08T16:06:00", "id": "CVE-2014-4465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4465", "published": "2014-12-10T21:59:00", "title": "CVE-2014-4465", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:22", "bulletinFamily": "info", "description": "### *Detect date*:\n06/30/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a man-in-the-middle attack at vectors related to iTunes Store browsing.\n\n### *Affected products*:\nApple iTunes versions earlier than 12.2\n\n### *Solution*:\nUpdate to the latest version \n[Get Apple iTunes](<http://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[Apple advisory](<https://support.apple.com/en-us/HT204949>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2015-1083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083>)6.8Critical \n[CVE-2015-1082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1082>)6.8Critical \n[CVE-2015-1070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1070>)6.8Critical \n[CVE-2015-1079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1079>)6.8Critical \n[CVE-2015-1078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1078>)6.8Critical \n[CVE-2015-1081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081>)6.8Critical \n[CVE-2015-1080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1080>)6.8Critical \n[CVE-2015-1077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1077>)6.8Critical \n[CVE-2015-1076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076>)6.8Critical \n[CVE-2015-1075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1075>)6.8Critical \n[CVE-2015-1074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1074>)6.8Critical \n[CVE-2015-1071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071>)6.8Critical \n[CVE-2015-1072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1072>)6.8Critical \n[CVE-2015-1069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1069>)6.8Critical \n[CVE-2015-1068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1068>)6.8Critical \n[CVE-2015-1073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1073>)6.8Critical \n[CVE-2014-4476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476>)6.8Critical \n[CVE-2014-4477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477>)6.8Critical \n[CVE-2014-4474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474>)6.8Critical \n[CVE-2014-4475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475>)6.8Critical \n[CVE-2014-4472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472>)6.8Critical \n[CVE-2014-4473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473>)6.8Critical \n[CVE-2014-4470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470>)6.8Critical \n[CVE-2014-4471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471>)6.8Critical \n[CVE-2014-4479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479>)6.8Critical \n[CVE-2014-4459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459>)6.8Critical \n[CVE-2015-1119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1119>)6.8Critical \n[CVE-2014-4466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466>)7.5Critical \n[CVE-2015-1122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122>)6.8Critical \n[CVE-2015-1121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1121>)6.8Critical \n[CVE-2015-1120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120>)6.8Critical \n[CVE-2015-1124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1124>)6.8Critical \n[CVE-2014-3192](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192>)7.5Critical \n[CVE-2014-4468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468>)6.8Critical \n[CVE-2014-4469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469>)6.8Critical \n[CVE-2014-4452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4452>)5.4Critical \n[CVE-2015-1152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1152>)6.8Critical \n[CVE-2015-1154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1154>)6.8Critical \n[CVE-2015-1153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153>)6.8Critical", "modified": "2019-03-07T00:00:00", "published": "2015-06-30T00:00:00", "id": "KLA10620", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10620", "title": "\r KLA10620Multiple vulnerabilities in Apple iTunes ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-21T00:15:00", "bulletinFamily": "info", "description": "### *Detect date*:\n05/20/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome 34.0.1847.137 and earlier. Malicious can use these vulnerabilities to cause denial of service, spoof UI or possibly other impact.\n\n### *Affected products*:\nGoogle Chrome 34.0.1847.137 and earlier\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Google Chrome](<https://www.google.ru/chrome/browser/>)\n\n### *Original advisories*:\n[Google chrome blog](<http://googlechromereleases.blogspot.ru/2014/05/stable-channel-update_20.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2014-1748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748>)5.0Critical \n[CVE-2014-1747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1747>)4.3Critical \n[CVE-2014-3152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3152>)7.5Critical \n[CVE-2014-1749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1749>)7.5Critical \n[CVE-2014-1744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1744>)7.5Critical \n[CVE-2014-1743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1743>)7.5Critical \n[CVE-2014-1746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1746>)5.0Critical \n[CVE-2014-1745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745>)7.5Critical", "modified": "2019-03-07T00:00:00", "published": "2014-05-20T00:00:00", "id": "KLA10007", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10007", "title": "\r KLA10007Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:50", "bulletinFamily": "unix", "description": "\nwebkit reports:\n\nThe ScrollView::paint function in platform/scroll/ScrollView.cpp\n\t in Blink, as used in Google Chrome before 35.0.1916.114, allows\n\t remote attackers to spoof the UI by extending scrollbar painting\n\t into the parent frame.\n\n", "modified": "2015-12-28T00:00:00", "published": "2015-12-28T00:00:00", "id": "1091D2D1-CB2E-11E5-B14B-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/1091d2d1-cb2e-11e5-b14b-bcaec565249c.html", "title": "webkit -- UI spoof", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2016-09-26T17:24:24", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n23 security fixes in this release, including:\n\n[356653] High CVE-2014-1743: Use-after-free in styles. Credit\n\t to cloudfuzzer.\n[359454] High CVE-2014-1744: Integer overflow in audio. Credit\n\t to Aaron Staple.\n[346192] High CVE-2014-1745: Use-after-free in SVG. Credit to\n\t Atte Kettunen of OUSPG.\n[364065] Medium CVE-2014-1746: Out-of-bounds read in media\n\t filters. Credit to Holger Fuhrmannek.\n[330663] Medium CVE-2014-1747: UXSS with local MHTML file.\n\t Credit to packagesu.\n[331168] Medium CVE-2014-1748: UI spoofing with scrollbar.\n\t Credit to Jordan Milne.\n[374649] CVE-2014-1749: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n[358057] CVE-2014-3152: Integer underflow in V8 fixed in\n\t version 3.25.28.16.\n\n\n", "modified": "2014-05-20T00:00:00", "published": "2014-05-20T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/64f3872b-e05d-11e3-9dd4-00262d5ed8ee.html", "id": "64F3872B-E05D-11E3-9DD4-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:48", "bulletinFamily": "info", "description": "Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers.\n\nAmong the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn\u2019t disclose the details of all of the various security vulnerabilities, but of the eight that it listed in its advisory, those three are the most serious.\n\nThe full list of vulnerabilities patched in Chrome 35 will be published later, but here are the ones that Google has published and received bug bounties:\n\n[$3000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**356653**](<https://code.google.com/p/chromium/issues/detail?id=356653>)] **High **CVE-2014-1743: Use-after-free in styles. _Credit to cloudfuzzer._\n\n[$3000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**359454**](<https://code.google.com/p/chromium/issues/detail?id=359454>)] **High **CVE-2014-1744: Integer overflow in audio. _Credit to Aaron Staple._\n\n[$1000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**346192**](<https://code.google.com/p/chromium/issues/detail?id=346192>)] **High **CVE-2014-1745: Use-after-free in SVG. _Credit to Atte Kettunen of OUSPG._\n\n[$1000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**364065**](<https://code.google.com/p/chromium/issues/detail?id=364065>)] **Medium **CVE-2014-1746: Out-of-bounds read in media filters. _Credit to Holger Fuhrmannek._\n\n[$1000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**330663**](<https://code.google.com/p/chromium/issues/detail?id=330663>)] **Medium **CVE-2014-1747: UXSS with local MHTML file. _Credit to packagesu._\n\n[$500][[**331168**](<https://code.google.com/p/chromium/issues/detail?id=331168>)] **Medium **CVE-2014-1748: UI spoofing with scrollbar. _Credit to Jordan Milne._\n\nUsers running Chrome should upgrade as soon as possible in order to avoid attacks against these flaws.\n", "modified": "2014-05-20T18:11:21", "published": "2014-05-20T14:11:21", "id": "THREATPOST:BE295CCB6FC1FBBC4D99DAD78F09067A", "href": "https://threatpost.com/chrome-35-fixes-23-security-flaws/106188/", "type": "threatpost", "title": "Chrome 35 Fixes 23 Security Flaws", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2939-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMay 31, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746 \n CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743\n\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n document object model implementation.\n\nCVE-2014-1744\n\n Aaron Staple discovered an integer overflow issue in audio input\n handling.\n\nCVE-2014-1745\n\n Atte Kettunen discovered a use-after-free issue in the Blink/Webkit\n scalable vector graphics implementation. \n\nCVE-2014-1746\n\n Holger Fuhrmannek discovered an out-of-bounds read issue in the URL\n protocol implementation for handling media.\n\nCVE-2014-1747\n\n packagesu discovered a cross-site scripting issue involving\n malformed MHTML files.\n\nCVE-2014-1748\n\n Jordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749\n\n The Google Chrome development team discovered and fixed multiple\n issues with potential security impact.\n\nCVE-2014-3152\n\n An integer underflow issue was discovered in the v8 javascript\n library.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.114-1~deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 35.0.1916.114-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-05-31T07:27:26", "published": "2014-05-31T07:27:26", "id": "DEBIAN:DSA-2939-1:3EA17", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00120.html", "title": "[SECURITY] [DSA 2939-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:27", "bulletinFamily": "unix", "description": "A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1735, CVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in to the parent frame in some circumstances. An attacker could potentially exploit this to conduct clickjacking attacks via UI redress. (CVE-2014-1748)\n\nAn integer underflow was discovered in Blink. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3152)\n\nA use-after-free was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3154)\n\nA security issue was discovered in the SPDY implementation. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3155)\n\nA heap overflow was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3157)\n\nIt was discovered that Blink did not enforce security rules for subresource loading in SVG images. If a user opened a site that embedded a specially crafted image, an attacker could exploit this to log page views. (CVE-2014-3160)\n\nIt was discovered that the SpeechInput feature in Blink could be activated without consent or any visible indication. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to eavesdrop on the user. (CVE-2014-3803)", "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "USN-2298-1", "href": "https://usn.ubuntu.com/2298-1/", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T19:21:48", "bulletinFamily": "unix", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.", "modified": "2016-03-21T00:00:00", "published": "2016-03-21T00:00:00", "id": "USN-2937-1", "href": "https://usn.ubuntu.com/2937-1/", "title": "WebKitGTK+ vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-37.0.2062.94\"", "modified": "2014-08-30T00:00:00", "published": "2014-08-30T00:00:00", "id": "GLSA-201408-16", "href": "https://security.gentoo.org/glsa/201408-16", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
